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Cloud computing has become a revolutionary computing model which 
provides an economical and flexible strategy for resource sharing and data 
management. Due to privacy concerns, sensitive data has to be encrypted 
before being uploaded to the cloud servers. Over the last few years, several 
keyword searchable encryption works have been described in the literature. 
However, existing works mostly focus on secure searching using keyword 
and only retrieve Boolean results that are not yet adequate. On the other 
hand, poor-resources of mobile networks play an important role on all 
applications area nowadays. Mobile nodes mostly act as information retrieval 
end which make it important to address this problem. In this paper, 
we present a secure keyword search scheme based on the Bloom filter 
(SKS-BF), which enhances the system’s usability by allowing ranking based 
on the relevance score of the search results and retrieves the top most 
relevant files instead of retrieving all the files. Further, the Bloom filter (BFs) 
can accelerate a search process involving a large number of keywords. 


Extensive experiments and network simulation confirm the efficiency of our 
proposed schemes. 
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1. INTRODUCTION 

Many papers are focusing on the security of cloud data storage, which is regarded as an important 
feature of the quality of service. A currently standard solution to protect data in cloud computing is applying 
cryptographic techniques to sensitive data. There are very many crypto-graphic primitives that we are able to 
apply in this manner. In recent years, many attempts have been made to propose efficient and effective 
schemes to enable searching over encrypted data. A keyword-based search approach has been widely used by 
traditional search engines, e.g. Google plaintext keyword search. In recent years, secure search over 
encrypted data has attracted the attention of many scholars. Song et al [1] first define and suggest the 
conception of searchable encryption (SE), which is a cryptographic primitive that allows users to perform a 
keyword-based search on encrypted files [1-4], as completely as on a plaintext dataset. Searchable encryption 
can be classified into two fields: symmetric searchable encryption (SSE) [1, 5] and asymmetric searchable 
encryption (ASE) [6-10]. 

Modern information retrieval(IR) techniques [11] utilize the ranked-search model to rank all the 
retrieved documents according to some relevance criteria. Such a model provides precise results by only 
downloading the top-k relevant files from the whole file collection. Wang et al. [12] first discussed the 
problem of elective yet secure ranked keyword search over encrypted cloud data. This scheme enhances the 
system’s usability by retrieving the matching documents in a ranked order regarding certain relevance criteria 
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for example keyword frequency. Furthermore, a ranked search can eliminate unnecessary network traffic by 

receiving only the most relevant data. 

As before, searchable encryption is an important solution that allows search directly over encrypted 
data. Similar to searching over plaintext documents, a common method of searchable encryption schemes is 
to build a secure index for the whole document collection. Then, in the search phase, which is done on the 
cloud server side, just the secure index is referenced. Such secure index-based searchable encryption not only 
enhances the scalability of the searches, but also makes the encryption of each document independent of the 
searchable encryption scheme used. The inverted index structure is the most common one for the keyword 
search on encrypted data [3, 13-15]. 

In terms of Communication cost, Mobile networks (MANET) widespread because of its necessity 
when network infrastructure are not available or impossible, in recent years mobile nodes are growing 
rapidly, this lead to the presence limited resource mobile clouds clients. Many attempts have been made to 
propose efficient and effective schemes to enable searching over encrypted data with mobile-cloud 
environment [16, 17]. Gupta [18] has stated that MANET may play primary and inevitable role in the growth 
of cloud-based services. In Ref. [19], the authors express that the attractive feature of cloud based services 
which depend on eliminate or reduce the requirement of infrastructure-based network, but limited resources 
of MANET take considerable research area. 

Data encryption makes cloud data utilization, e.g. keyword search, a very challenging problem. 
Retrieving the encrypted dataset first, then searching the decrypted data, is evidently counterproductive and a 
waste of precious computational and communicational resources. The early encryption schemes didn’t 
concern mobile-clouds (or mobicloud) directly, so researches didn’t gave saving energy issue high priority. 
As mobicloud emerged, an energy consumption is being coming critical, a lightweight algorithm and is 
suitable in mobile devices. Therefore, Most of the security concerned frameworks offloads cloud servers 
intensive jobs for saving the limited resources mobile networks [20]. The search process via keyword is one 
of searching strategies which completed at the cloud side and on the encrypted data reducing the 
communication overheads 

As mentioned earlier, the first public key scheme for keyword search over encrypted data (PEKS) is 
presented by Boneh et al. [6]. The scheme does not handle the issue of secure ranked keyword search over 
encrypted cloud data [21]. To solve this issue and enable cloud servers to perform secure search without 
knowing the original value of either the keywords or trapdoors, we present a secure ranked keyword search 
scheme based on the Bloom filter (SKS-BF). 

The contributions of this paper can be summarized as follows: 

a) Building a secure inverted index based on Bloom filter [22] and public key searchable encryption 
scheme. 

b) Extending the secure searchable index to a rank-oriented searchable index. To do so, we assign 
numerical relevancy scores to each document matching a given trapdoor. We build the secure keyword 
search technique based on the bilinear map, which allows data users to protect the privacy of the 
relevance scores and of the trapdoor, and show that the proposed scheme is secure in the random oracle 
model (Rom) under the Bilinear Inverse Diffie-Hellman Problem BIDHP. 

c) Enhancing the usability of MANET through the reduction of data communication over-head in 
information retrieval process. 


2. LITERATURE REVIEW 

The first attempt of Private Information Retrieval (PIR) was made by Chor ef al [23]. In recent 
times, Groth et al. [24] introduced a multi-query PIR technique with constant communication rate. 

Classical searchable encryption has been widely elaborated as a cryptographic primitive, with a 
concentration on security definition formalizations and efficiency enhancements. The method of searchable 
encryption was first proposed by Song et al. [1]. The suggested method supports single keyword search 
without index, which means the server must scan the entire file to find the search result. Goh et al [2] 
proposed constructing a keyword index for each file and using Bloom filters to speed up the search. Curtmola 
et al. [3] suggested the first inverted index based encrypted searchable index. Their scheme includes 
constructing indices for each trapdoor of a keyword, and using hash tables as an alternative technique to 
searchable encryption. The file list for each keyword is encrypted and inserted into an array. Based on [3], 
Kamara et al. [13] proposed the concept of dynamic searchable encryption and built an encrypted inverted 
index that handles dynamic operations such as document updates, but their scheme is very complex to apply. 
Therefore, as an improvement, Kamara et al. [25] presented a novel search technique based on a tree-based 
index. This technique can treat dynamic update on document data buffered in leaf nodes. Searchable 
encryption has also been regarded in the public-key setting. The first public key scheme for keyword search 
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over encrypted data was suggested by Boneh ef al. in [6]. In this scheme, any user with the public key can 
write to the data stored on the cloud server, but only trusted users with the secret key can search. 

The notion of secure ranked search over encrypted data was first proposed by Wang ef al. [12]. 
[12, 26] allowed data users to search only with single keyword query and retrieve the top-k relevant 
documents. Cao et al. [27, 28] introduced the first privacy-preserving multi-keyword ranked search scheme, 
in which documents and queries are formed as vectors of dictionary size. With coordinate matching, 
the documents are ranked according to the number of matched query keywords. These techniques do not take 
the significance of the different keywords into consideration. Therefore, they are not precise enough. Orencik 
et al. [29] proposed a secure multi-keyword search scheme employing local sensitive hash (LSH) functions to 
collect similar documents. The LSH protocol is convenient for similar search, but cannot give an accurate 
ranking. Zhang et al. [30] introduced a method to deal with secure multi-keyword ranked search in a multi- 
user form. In this method, various data users use different secret keys to encrypt their keywords and 
documents while authenticated data users can query without knowing the keys of these various data users. 
The authors proposed an Additive Order Preserving Function to return the most relevant search results. 
Wang ef al. [31] introduced a public-key searchable encryption method based on an inverted index. 
Their method preserves the high search efficiency inherited from the inverted index, while removing the one- 
time-only search limitation of the previous techniques. Recently, Chen ef al. [32] presented a hierarchical 
clustering technique to support most search semantics and also to meet the demand for fast ciphertext search 
within a big dataset. Their technique clusters the documents based on the minimum relevance threshold, and 
then splits the resulting clusters into sub-clusters until the constraint on the maximum cluster size is reached. 

The methodology of optimized routing for cloud-networks using ZRP (Zone Rout Protocol) aims at 
minimizing routing overheads and prevents redundancy on all nodes in zone by adopt-ing shortest distance 
between the nodes as the elected best path and discard other paths from the routing table[33-35]. Lee et 
al.[36] proposed a combined compression technique. It incorporates routing process with compressive 
sensing for energy aware data gathering in wire-less sensor networks. The Simulation results exhibit the 
electiveness of the proposed combined technique which outperform the standard compressed sensing. 
Many compression techniques had been invented to solve the energy limitation of mobile nodes, they vary 
upon compression level from link, data, and protocol’s headers [37-41]. 


3. PRELIMINARY 
3.1. Inverted Index 

Most current IR techniques [11] utilize an index of the document collection to speed up the search. 
The inverted index (also referred to as the postings document) is one of the most popular data structures used 
in information retrieval systems [42]. An inverted index includes multiple inverted lists. One inverted list 
stores a list of mappings from a keyword w to its corresponding set of document IDs that include this 
keyword. Additional information can be inserted in the inverted list, like the numerical statistics of the 
keyword (to support result ranking), each document in the inverted lists is assigned a numerical relevance 
score. Such scores are used to decide which document is more relevant to the corresponding keyword. 
The TFXIDF method is widely used to calculate the relevance scores. For the given word w and the 
document D, TF (term frequency) indicates the number of times in which w appears in the document D, 
while IDF (inverse document frequency) refers to the ratio of the whole number of documents in the 
collection to the number of documents that contain the keyword w. Among several TFXIDF formulas, we 
choose the following formula to calculate the relevance of the Document Fy with regards to the keyword w: 


1 
\Fal 


Score(w, Fd) = (1 + Info) (1) 


where w indicates the searched keyword, fu» denotes the term frequency TF of keyword w in document Fy, 
and |F4l is the length of the document Fz, obtained by counting the number of indexed terms, functioning as 
the normalization factor. 

The essential advantage of using an inverted index comes from its search efficiency, especially for a 
large volume of documents. The search process is performed on a much smaller document set, 
which comprises the inverted lists that correspond to the query keywords. 


3.2. Complexity Assumptions 


The symbol G is used to denote a group which is a set with some binary operation. Definition 3.1. 
The number of items in G is called the order of G. A group G is finite if the number of items is finite. 
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Definition 3.2. A group G is cyclic if there is an item v € G such that for each x € G there is an integer i with 
x =v’. Such an element v is called a generator of G. 

The main groups used in this paper are Z,, G; and Gy. Z, denotes the set of integers under addition 
modulo n, G, is an additive group and Gy, is the related multiplicative group. Both G, and Gy, are cyclic groups 
of large prime order r related to elliptic curves over finite fields. 

We now review the bilinear pairing that plays a crucial role in building the efficient PEKS scheme, 
introduced in [6]. Definition 3.3. (Bilinear Pairing [43]) Let G, and Gy be two cyclic groups with a prime 
order r, v is a generator of Gx and Gy. Then we say €:G, x G, > Gy is a bilinear map if the following 
properties are satisfied: 

a) _ Bilinearity: 6 (v“, v’) = é (v, v)” for all a, b € Zp. 
b) Non-degenerate: é (v, v) 1. 
c) Computable: given v, h € G, there is a polynomial time algorithm to compute é (v, /) € G). 

Below, we review the definition of the Bilinear Diffie-Hellman (BDH) problem associated with the 
bilinear pairings [43]. 

Definition 3.4. (Bilinear Diffie-Hellman (BDH) Problem) Let Gx, G, be two groups of prime order r, 
v be a generator of Gx, @:G, X G, > Gy be an admissible bilinear map and AR be an attacker algorithm. 
The BDH problem in (Gx, Gy, €) is as follows: Given (v, v’, v°, v°) for some a, b, c € Zn, compute é (v, v)** 
€ Gy. An algorithm AR has advantage in solving BDH in Gy, if Pr [AR (vy, v’, v°, v°) =@ (v, v)**] >e. 


4. PROBLEM FORMULATION 
4.1. System and Threat Model 

Our scheme includes three different entities, a data owner DW, a cloud server CS, and data users 
DU. We suppose the authorization between the data owner and data users is appropriately done. DW has a 
collection of n data files FC= (fi, fo, ..., fv) that he wants to outsource on CS in encrypted form. To do that, 
before outsourcing, DW will first build a Secure Searchable Index SSI from a set of m different keywords W= 
(w), W2, .... Wn) extracted from the file collection FC, and store both the index SSI and the encrypted file 
collection ENCrc which are encrypted using a standard symmetric algorithm like AES [44] on the 
cloud server. 

DU is authorized to access the files of DW, he generates a search request (trapdoor Tw) of the 
(keyword w) and submits it to the CS. Upon receiving the trapdoor Tw from the data user, the server searches 
over the index SSI, and retrieves the corresponding set of ranked encrypted files. After that, DU can decrypt 
the files using the shared secret key. 

To minimize the communication cost, the data user may send an optional value k along with the 
trapdoor Tw so that the cloud server only sends back the top-k documents that are most relevant to the search 
request. Additionally, upon receiving the updated information from DW, the cloud server needs to update the 
searchable index SSI and file collection FC according to the received information. 

In our scheme, we treat the cloud server as an honest-but-curious adversary. In other words, 
the server follows our proposed algorithm faithfully, but it is anxious to know the keywords, the contents of 
the encrypted files, and the relevance scores. We suppose that the authorized data users are fully trusted by 
the data owner and they are authorized to access all the files through search operations. 


5. CONSTRUCTION OF THE SKS-BF SCHEME 

5.1. Notations 

a) FC: the file collection to be uploaded, expressed as a set of M data files FC={fi, fo, ..., fur}. 

b) W: the different keywords extracted from the file collection FC, expressed as a set of N keywords W 
={W1, W2,..., Wn}. 

c) Encrc : the encrypted file collection for FC, expressed as Encrc={Encr,, Ence,, ..., Encg,, }. 

d) FCyi: the identifier set of M files in Encrc that contain keyword w; and can help uniquely locate the 
actual file, expressed as FCwi={IDw,,,1Dwit,> ---!Dwity 3: 

e) Enc: the collection of k retrieved documents from the cloud server contained the key-word, denoted as 
Encr = {Ency,, Encg,, ..., Enc, }. 

f) ILy,: the inverted list which stores a list of mappings from keyword wj to its corresponding set of 
document IDs that contain this keyword, and their scores SCwig;» ILy,={UDwie,!l Scwit,), UDwit)!l Sew,e)” 
~ (ID wit! SCwity) 

g) InvLis: the index constructed from the file collection, including a set of inverted lists IL,,,, expressed as 
Invlais={Ty5, My, 5 «++. Twa 
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h) Qw: a subset of W, representing the keywords in a search request, denoted as Qw={qwi, qw2, ..., qwi}. 
i) Tw: the trapdoor set generated by the data user as a search request of query set Qw, expressed as Tw = 
{twi, two, ..., twi}. 


5.2. Details of the Scheme 

In the present paper, we build an inverted index from the file collection FC, to speed up the search 
process. Also, we employ the Bloom filter to accelerate the search process over this index. On the other side, 
to simplify the ranking task, we need to upgrade the searchable index SSI to a rank-oriented searchable 
index. To do that, we attach relevance scores with each keyword-file entry in the searchable index. 

Unlike the previous techniques, the data owner ranks the matched documents according to relevance 
scores, since directly uploading relevance scores will leak lots of significant frequency information against 
the keyword privacy. Hence, the essential issue here is how we can encrypt these numerical scores while 
preserving their ability to rank the relevant documents. In our scheme, we closely follow the PEKS algorithm 
to encrypt the inverted index to avoid leaking the relative order of the relevance scores to the cloud server, 
except for a slight modification in the structure of PEKS, which involves using the Bloom filter. 
Additionally, in this scheme, DU can implement top-k retrieval with one round trip for each search request 
without waiting for the time of two round trips for each search request, this will avoid unnecessary 
communication cost. Also observe that in this way, CS still knows nothing about the values of the numerical 
scores, but it learns that the required documents are more relevant than the ones not required. 

Our scheme consists of four algorithms: a key generation algorithm Key-Gen, file collection 
encryption algorithm Enc-FC, an index construction algorithm SS/-Const, a trapdoor generation algorithm 
Tw-Gen, and a searchable index algorithm SS/-Sear which are scattered among three phases, the data owner 
phase, the data user phase and the cloud server phase. 


5.2.1. Data Owner Phase 

This phase includes three algorithms as detailed below: 
a) Key-Gen(@): DW initiates the scheme by using a key generation algorithm Key-Gen which takes the 
security parameter 8 which determines the size of Gx and Gy, as input to create the following public 
parameters PP: r as a large prime number, two groups G, and Gy, of order r, V is a random generator of 
Gx, a bilinear map @: G, x G, > Gy, three cryptographic hash functions Hi, H2, Hbioom, two public keys, 
one for data owner DWpx and other for data user DUpx , and two secret keys SK: a and B. 
Enc-FC(FC): To protect the file collection privacy, FC should be encrypted before uploading them onto 
cloud server which is not within their trusted domains. To do that, the data owner executes a file 
collection encryption algorithm Enc-FC to encrypt each file f€FC using AES algorithm [44]. Each file fj 
comprising of a unique identifier ID; ¢{0, 1}”. 
SSI-Const (PP, FC): The data owner DW runs an index construction algorithm SSI-Const to build a 
Secure Searchable Index SSI for all searchable keywords W, which are stored at the service provider, 
which will help DW to perform a keyword search by calling this algorithm. Firstly, the algorithm scans 
the file collection FC and extracts the distinct keywords W from FC. Then the algorithm constructs the 
identifier collection of M files in Encrc that contain the keyword wi as FCw={IDw,¢,, Dwit,> -+-!Dwity }- 
For each file in FC\;, SSI-Const algorithm computes a numerical relevance score Sc according to (1). The 
computed scores are used to determine which file is more relevant to the corresponding keyword. Next, it 
attaches the relevance scores with the corresponding files as (IDI Swit.) and stores them in the Inverted 


b 


wm 


Cc 


Nee 


List IL,,,. Then, the algorithm sorts each Inverted List ILy,,¢InvLis according to the scores of all the files 
containing wi. 

To secure the relevance scores and the keyword, we apply bilinear maps on elliptic curves [45]: we 

use two groups G, and Gy of prime order r and a bilinear map é:G, x G, > G,. We also need two hash 


functions H; : {0, 1}"—+G, and H2 : G,>{0, 1}'°8. We use this bilinear map with each relevance scores and 
keyword w; as Enc-Scwig = H2(€ (DUpx , H USCwipj)) and Enc-w=aH(wi)V+a(DUpx) respectively. Then, DW 
stores the Inverted Lists JnvLis in SSI. Finally, the data owner sends the SSI and the encrypted documents set 
Encrc to the cloud server. 

On the other hand, to secure the keyword w; in each Inverted List IL,,i, DW creates one Bloom filter 
BF for all keywords: this filter consists of an array of x bits, and uses p independent hash functions M1, ..., hp. 
The filter allows the data owner to perform key-word searches efficiently, but could result in some false 
positive retrievals. A classical Bloom filter may reveal information about the keyword, since the hash 
functions are publicly known. So, a suitable solution to create a searchable index using the Bloom filter is to 
instead index each keyword by its encrypted image. Algorithms 1, 2 and 3 below show the key generation 
algorithm, file collection encryption algorithm and the index construction algorithm. 
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Algorithm 1-Key-Gen(6) 
1: generate a prime r, and select arandom generator V of G,, 
2: choose two cyclic groups (Gx,+), (Gy,.) of order r, and construct a bilinear map é: G, x G, > Gy, 
3: specify two hash functions H; : {0,1}” > Gx, H2 : Gy > {0,1}!°, where H; and Hp are random oracles, 
and select p hash functions for the bloom filter Hptoom={h1,..., hp}, 
4: pick a random B eZ? as a DU private key, calculate the corresponding public key DUpx = BV, 
5: pick a random aeZy as a DW private key, calculate the corresponding public key DOpx = aV, 
6: return a public parameter PP = {G,, Gy, r, V, Hi, H2, Hptoom, €}, and a secret keys SK ={a,B}. 


Algorithm 2-Enc-FC(FC) 
1: for each file f; « FC do 
- encrypt fj using (AES) algorithm. 


Algorithm 3-SSI-Const(PP, FC) 
1: Initialization: 
- scan FC and extract the distinct keywords W = {w1, w2, ..., wn} from file collection FC, 
2: Construct inverted lists: 
- for each w; € W, construct FCy; where i < [1, N], 
* for each IDwir; € FCwi where j € [1, M], 
- compute the score for file IDwis according to (1), denoted as Scwis;» 
- store the Dwi, ’s identifier with score SCwifj> dDI Swit.) in the Inverted List ILwi, 
* sort the inverted list ILwi according to scores of all files contained wi, 
* encrypt Scwif, as Enc-Sew..= H2(€( DUpx , Ai(Scwig))), 
3: Secure the keyword in each inverted list: 
- for each ILyi € InvLis, 
* encrypt wi, set the encrypted keyword as Enc-w=aH)(wi)V+o(DUpx), 
* compute R; = Ha(é (V, V)*), 
4: store the inverted lists InvLis and R; in SSI 
5: send the encrypted files Enc-FC and the index SSI to the server. 


5.2.2. Data User Phase 

This phase includes one algorithm as detailed below: 

Tw-Gen(PP, Qw): DU will run a trapdoor generation algorithm Tw-Gen to retrieve only the 
encrypted files containing keywords, DU will get the public key DOpx and create a set of trapdoors Tw = 
{twi, tw2,..., twi} from a set of keywords Qw = {qwi, qw2,..., qwi}. DU will compute the trapdoor of the 
search request of Qw using his secret key, twi = (Hi(qwi)+B)'V [45]. Finally, data user submits Tw to the 
cloud server. Algorithms 4 below show the trapdoor generator algorithm. 


Algorithm 4- Tw-Gen(PP, Qw) 
1: for each qwi € Qw where i ¢€ [1, I], 
2: compute trapdoor using DU’s private key as: twi = (Hi(qwi) +B)'V, 
3: send the generated trapdoors Tw and the corresponding top-k to the server. 


5.2.3. Cloud Server Phase 
This phase includes one algorithm as detailed below: 

SSI-Sear (SSI, Tw, k, PP): upon receiving the trapdoor Tw, the server will call the a searchable 
index algorithm SS/-Sear on the searchable index SSJ and return the associated Bloom filter BF, 
then compute independent hash functions Ha(R1) where d= 1...p and R; = H2(é(V,V)*), and compute HR2) 
where R2 = H2(é(tw;, Enc-w;)). Then server tests BF in all p locations. If all p locations of all independent 
hash functions in BF are 1, the server returns the relevant encrypted files corresponding to tw; to DU. 

Once DU receives the encrypted files from CS, he/she decrypts each retrieved document Encg € 
Encrc using the AES encryption method algorithm. Algorithm 5 below show the search index algorithm. 


Algorithm 5- SSI-Sear(SSI, Tw, k, PP) 
1: compute the length x of the Bloom filter BF, 
2: create the Bloom filter BF of x zero-bits, 
3: for each tw; € Tw where j ¢€ [1, I], 
4: for each Enc-wi € SSI where i € [1, N], 
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: compute R2 = H2(é(tw;, Enc-wi)), 

: compute independent hash functions: bfa = Ha(R:) for d ¢€ [1, p], 

: set BF[bfa]=1, 

: compute independent hash functions: Ha(R2) for d € [1, p], 

: if all p locations of all independent hash functions in Bloom filter BF are 1, CS gets the ranked search 
results, then sends the ranked ID list of top-k encrypted documents Enc- to the data user. 


Oo OAINN 


6. SECURITY ANALYSIS 

Here, we analyse the security characteristics using the scheme we described above. In terms of 
privacy of the keywords and relevance scores, we construct the scheme based on bilinear pairing to protect 
the privacy of the trapdoors and relevance scores. Below, we prove the security of the keyword encryption 
process. Theorem 6.1. The proposed SKS-BF scheme is semantically secure against chosen-keyword attacks 
under the Bilinear Inverse Diffie-Hellman Problem (BIDHP). 

Proof. Let AR be an attacker that wins the security game (breaking the SKS-BF scheme) with an € 
advantage. Suppose AR makes Qry; and Qryz2 hash function queries and Qrr trapdoor queries. Also, 
we suppose there is an algorithm CH that breaks the BIDH problem with advantage at least €, and propose 
CH is given (7, G;, G,, 6,V,V). Then CH’s goal is to solve a BIDHP. CH interacts with the forger AR in the 
security game as follows: 

At any time, algorithm AR queries the random oracle H, or Ho. 

1) H-queries: To respond to this type of query, the challenger CH maintains H), a list<Wj,Aj, Ej>. The list 
is initially empty. 

When AR queries Wi from the random oracle H1, and algorithm CH responds as follows: 

a) If Wi already appears in the list H1, then CH responds with Ai. Otherwise, CH generates a random 
coin Ei € {0,1}. If Ei = 0, then CH computes i= bV for a randomly selected b € Zt, otherwise, 
Ei = 1, CH selects a random element a and computes Ai = a-1V. 

b) In both cases, the challenger adds the tuple < Wi, Ai , Ei > to the list HI and responds with H1(Wi) 
= Ai. 

c) When AR requests an encryption of keyword W, Algorithm CH calls the above algorithm to 
respond to Hl1-queries to get Ai € Gx. Then he searches H1 for the keyword Wi. If Ei = 1, 
then CH aborts. Otherwise, H1(Wi) = bV, and then CH computes 


Ency,p= H1(Wi)X +a DUPK 
a. (bV)V +a DUPK 

a (bV)V + oB V 

a V(bV+B) 





d) CHcan build a searchable index SSI by executing the algorithm SSI-Const(PP, FC). Then it returns 
the index SSI to AR. 

2) - Hbo-queries: The challenger maintains Hz, a list (y,¢~). The list is initially empty. At any time, AR issues 
a query y to Hp. CH checks whether y appears in H2 in a pair (y,@). If not, the challenger CH picks a 
random value @, adds the pair (y,@) to Hz, and answers AR with Ha(y) = 9. 

3) Trapdoor queries: When AR makes a query for the trapdoor of the keyword W;, CH runs the above 
algorithm to respond to Hi-queries to get A; € G,, then searches the Hj)-list for the query. If Ej = 1, 
then CH aborts. Otherwise, Hi(Wi) = bV, and then CH computes 


Tw = (H1(Wi) +B)-1V 
(bV +B)-1V, 


where CH does know 8, and answers AR with Tw. 

4) Challenge: Algorithm AR selects and sends a pair of keywords WO and W1 to CH on which it wishes to 
be challenged, and AR must not have asked previously for the trapdoors of any of the words WO or W1. 
After receiving (WO, W1) from the attacker, CH calls the above algorithm twice to respond to HI1- 
queries to get (WO, AO, EO) and (WI, A1, El). If both EO and El are 0, then CH reports failure and 
terminates. Otherwise, CH randomly picks 6 € {0,1} such that Ed = 1, and then CH responds with the 
challenge ciphertext Encw and RI where R1le{0,1}logr C = (Encw, R1). The decryption of the 
ciphertext is 
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Decg= H2(e(Tw5,Encw;)) 
= H2(@(bV, a-1V)) 
= H2(@(V, V)? >) 


by the definition Dec; = R}. The challenger creates the secure index SSI6 by running the algorithm SSI 
Const(PP, FC) and sends SSI6 as a challenge to AR. 

5) More queries: After the above challenge query, AR can do additional trapdoor queries, with same 
restriction that Wi # Wo, Wi, CH answers these queries as before. 

6) Output: Eventually, AR outputs its guess 6 € {0, 1} for 6. 


7. PERFORMANCE OF OVERALL SKS-BF SYSTEM 

In this section, we measure the efficiency of the proposed scheme with MANET resources usability 
in terms of retrieved data and corresponding energy saving. Also, we evaluate our scheme and compare its 
performance with PPSE composed in [46]. The entire experiment design is implemented using MATLAB 
application and NS2 2.3 simulator on a Windows 8 server with an Intel(R) Core(TM) i5-3032M CPU at 
2.60GHz. The bloom filter and encrypted data retrieval was performed with MATLAB, and the entire 
network design and residual energy calculation were performed with ns2 simulation. 


7.1. Evaluation Results 

To build a secure index with ranked keyword search, an ordinary posting list attaches a relevance 
score to each posting entry. Our method replaces the original values of scores with the encrypted ones. 
The size of the posting lists is absolutely linear in the size of the keyword dictionary. The additional bits of 
encrypted relevance scores are not an important issue because of the cheap storage overhead on cloud 
servers. On the other hand, our scheme takes a long time to build the secure index; this is because the security 
of SKS-BF heavily relies on the bilinear pairing operation and operations over elliptical curves. So, we do 
not discuss the index construction time here, we suppose the data owner has built the secure searchable index 
already. We focus on the efficiency of the search: after receiving the trapdoor from the user, the server needs 
to compare the trapdoor with the searchable index. The consumed time is shown in the following figures. 

As the encrypted scores are ranked by DW, the cloud server can process the top-k retrieval almost as 
fast as in the plain text domain. Figure 1 shows our search time overhead against increasing values of k, 
for the same index with ten queried keywords for different numbers of retrieved files with the same file 
collection M = 10000, and dictionary keyword N = 4000. 
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Figure |. The time overhead of query when 1 = 10; M = 10000 and N = 4000 


In terms of search efficiency evaluation, we compare the search time complexity with the PPSE 
scheme [46]. The main computation to perform a query in the cloud server consists of computing and ranking 
the similarity scores for all documents in the dataset and choosing the top-k results from all the scored 
documents. For SKS-BF, query execution in the cloud server includes one protocol (Locate Keywords and 
returns the ranked JD list of top-k encrypted files Encr to DU). 
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Figure 2 shows that, given the same number of queried keywords (1 = 10) and the same size of data 
files (M = 10000), when the size of keyword dictionary changes from 4000 to 12000, the time overhead of 
the search also increases linearly for the scheme PPSE, while it remains constant for SKS-BF. 

Figure 3 shows that, given the same number of queried keywords (1 = 10) and the same size of the 
keyword dictionary (N = 4000), with different numbers of documents, the time overhead of the search 
increases linearly for PPSE, while it remains constant for SKS-BF. Furthermore, the search time of SKS-BF 
is sensitive to the size of the keyword dictionary, and it is insensitive to the size of the dataset, while PPSE 
suffer a quadratic growth as the size of the dataset increases and the size of the keyword dictionary increases. 
However, from the discussions above, we can put the conclusions that our technique has less search time 
consumption than PPSE. 

In terms of communication cost which is the core problem of MANET, it is obvious that the 
proposed method reduces the retrieved files, and accordingly the communication processes saves the node’s 
energy as shown in Figure 4. The energy overhead decreases linearly. The proposed scheme avoids 
unnecessary communications, and therefore has highly contributed in energy saving. 
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Figure 2. The time overhead of query when | = 10; Figure 3. The time overhead of query when | = 10; N 
M = 10000 and k = 50 = 4000 and k = 50 
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Figure 4. The saved energy vs number of retrieved files 


The simulation environment, as shown in Table 1, comprise 50 nodes with initial battery power 
2000 joule. All the simulation’s traces take place at the sending node. SKS-BF takes place in 20 simulation 
sessions on NS2 for multiples of 500 retrieved files for each search request. Downloading the top-k relevant 
files from the whole file collection is an important concentration point from MANET developer point view. 


Indonesian J Elec Eng & Comp Sci, Vol. 18, No. 1, April 2020: 64 - 74 


Indonesian J Elec Eng & Comp Sci ISSN: 2502-4752 Oo 73 





8. 


Table 1. Simulation Environment 








No.nodes 50 
Data stream CBR 
Battery initial energy 2000 joule 
Routing protocol DSDV 
Packet size 512 byte 





CONCLUSION 
In this paper, we suggest a novel construction of a public key searchable encryption method. We use 


the inverted index and Bloom filter to speed up the search processes with a large amount of keywords. 
The scheme is efficient because it relies on pairing operation on elliptical curve. Because the search pattern 
has been identified as an important security threat in searchable encryption techniques, the proposed scheme 
features a probabilistic trapdoor construction algorithm to protect the search pattern. Finally, the 
experimental and simulation results demonstrate that the proposed scheme not only properly tackles the 
secure ranked keyword search issue, but also brings an enhancement in the reduction of data communication 
through the search and retrieval processes. 
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